Searching the group for letsencrypt produces zero results, so I wonder if this might help people:
Trying to understand the functioning of the LE module - there are some oddities.
The steps for LE are described in the documentation (https://docs.ansible.com/ansible/letsencrypt_module.html), and boil down to:
- Request challenge data for a particular domain e.g. sub.domain.com from LE
- Fulfil the challenge (http, dns etc)
- Request the certificate from LE
I am successfully testing the module for all steps but confused by the requirement for a dest: certificate path for step (1) .
- Why is a local certificate created during the challenge phase?
Testing using the LE Fake CA, if the certificate (.crt) created during step (1) is deleted before the request from step (3) is complete, you will get a different cert (new SHA-1), for the same host pattern on your machine.
If you do not remove the cert, the certificate does not change after step (3).
- What’s happening here?
The documentation shows the dest: argument being the same for (1) and (3). Isn’t (3) downloading the certificate from the LE servers? If so, why does it not change if the local cert from (1) is not removed?